This privacy policy describes in detail how the Sandstorm Oasis hosting service ("the service"), as run by Sandstorm Development Group, Inc. ("we"/"us"), protects your privacy.
This policy does NOT apply to users running the Sandstorm open source software on their own servers; see the Sandstorm license. This policy also does NOT apply to any other services run by us.
Sandstorm (the company, the service, and the platform) does not employ any automated "data-mining" algorithms that look at the content of your grains. We do not serve advertising and do not build an advertising profile about you. We do not sell or give away any personal data to any third party.
In general, you have a high degree of control over how your data is shared via the sharing UI. You, as a user, decide with whom your data and personal details are shared through the Sandstorm interface.
If you do not wish to have Sandstorm collect, maintain, and use data provided by or about you as described in this Privacy Policy, you have the option instead to run the Sandstorm open-source software on your own servers.
The service gathers aggregated data counts, such as "the number of people who logged in yesterday" or "the number of documents created using Etherpad". These counts aggregate data from many users and are not personally identifiable. We try not to gather statistics that may be personally identifiable; for example, if an application is installed by only one user, we will not gather statistics about it.
The service intends only to gather your personal data in ways that are clear and obvious from the user interface. If you believe that your personal data is being used in a way that you did not expect or authorize, email [email protected] to report the problem.
The service gathers email addresses from all users. You are required to provide a valid email address, as this is the primary mechanism by which we will notify you of issues regarding your account.
The service also gathers a few pieces of personal "profile information" for the purpose of identifying you to other people on the service. These include:
- Your name.
- Your profile picture or avatar.
- Your unique user ID corresponding to the login service(s) you used to authenticate (for example, your GitHub username, if you log in using GitHub).
- Other personal information which you add to your profile.
All profile information is voluntary; you can edit (or remove) the information through your account settings.
When you use the service to share data with other people, or when you access data shared with you by other users of the service, your profile information may be revealed to the other users with whom you are connecting, so that they can identify you.
Individual Sandstorm apps may gather arbitrary personal data about you. Sandstorm does not control the behavior of these apps. To understand how the application uses your data, please consult the app's own documentation, privacy policy, and terms of use.
Sandstorm allows you to control how an app is shared with other users. It is our intent that an application cannot communicate with any other party unless you explicitly permit it to do so via the Sandstorm user interface, and the Sandstorm platform is designed to enforce this at a technical level. However, it is possible that a defect in the software will allow an application to bypass this policy. Any such defects should be immediately reported to [email protected].
If you permit it, a Sandstorm app may connect to third parties and transmit arbitrary data to and from that third party. Once you have given an app permission to talk to a third party, Sandstorm cannot make any guarantees about what data it sends to or receives from that party. You must consult the privacy policy and terms of use of that app to find out how it functions, what data it takes, and what it does with that data. Sandstorm does not control any of these functions. If you have a complaint about the handling of your data by an app, that complaint must be taken to the app provider, not Sandstorm. Sandstorm is not responsible for the conduct of the apps.
If you connect to a grain owned by another user (for example, a document shared with you), any information you communicate to that grain becomes controlled by the user who owns the grain. Sandstorm cannot control what that user does with the data and is not responsible for what the user does with that data, even where you believe such use violates Sandstorm's policies. The user may offer their own privacy policy governing the data, but Sandstorm's privacy policy does not apply.
Payment provider: Sandstorm collects payments through Stripe. Your payment information, such as your credit card number and billing address, is stored only by Stripe, not by Sandstorm. Please see Stripe's privacy policy and terms of service.
Third-party login: If you sign in through a third-party login service like Google or GitHub, we collect information from it in order to populate your profile information, as described above. This information may be edited or removed through your account settings.
Logs: The service collects logs for the purpose of system health monitoring, debugging, and security. Logs may record events like "User 'kenton' logged in from IP address 192.168.1.10," "App Etherpad version 1.5.6 was successfully installed," or "Error: Database claims Etherpad is installed but I can't find the files on disk!" These logs are only examined in the event that they are needed to resolve a problem (a software bug, a service outage, or a security breach), and can only be accessed by Sandstorm employees or internal fully-automated systems tasked with detecting and resolving these problems. Content of a grain (i.e. most of your data) is never intentionally stored to these logs. These logs are stored on Sandstorm's servers. These logs are deleted after 30 days.
IP Address: We may store your IP address as part of our logs. We may share your IP address to facilitate connections between yourself and other users, such as setting up a real-time video conference. We do not otherwise share your IP address with third parties.
Cookies and local storage: We use cookies and browser local storage for authentication and security purposes.
We also use cookies to gather aggregate anonymous analytics about how users use our web site at sandstorm.io, such as to answer questions like "How many of our visitors have visited before?" or "Are users who read about our security model more likely to sign up?" However, this data is never tied to actual identities or user accounts, nor otherwise used to build per-user profiles. Moreover, we do not track users on any third-party site.
All data we collect is stored in the United States on servers at our infrastructure service provider, Google Cloud Services, which stores this data encrypted at rest. Google Cloud Services' Terms of Service, section 5, states that Google will use data stored through the service only to deliver the service; data will not be used in conjunction with Google's other products, including advertising products. Additional details regarding Google Cloud Services' compliance as a data processor and their practices for data deletion and security can be found in their Data Processing and Security Terms.
We use any information we gather to improve the services we offer.
We acknowledge that individuals have the right to access the personal information/data that we maintain about them. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his or her query to [email protected]. If requested to remove data, we will respond within a reasonable timeframe.
We do not sell any personal data to any third party. We do not share personal data with any third party, except as necessary to implement the service. For instance, if you choose to log in through GitHub, then we share data with GitHub, but only as necessary to implement login. If you do not wish for data to be shared with a third party (other than our infrastructure provider), you may opt out by refraining from using features that integrate with that third party -- such features are clearly marked in the Sandstorm user interface. If you believe we are sharing more data than necessary, please email [email protected] to report the problem so we may fix it.
We also may share your data with law enforcement or other third parties to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law (including without limitation in response to service of process). Any such action will be consistent with the policies and guidelines included in our Terms of Service. We may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Note, however, that we expressly disclaim all liability arising out of third-party disclosures made pursuant to the preceding three paragraphs, which disclaimer you accept by your usage of the service.
If we merge with another company or are acquired by another company, we will share all of the data we have gathered with that company. In this event, Sandstorm will notify you before information about you is transferred and becomes subject to a different privacy policy.
The W3C "Do Not Track" standard defines "tracking" as follows:
Tracking is the collection of data regarding a particular user's activity across multiple distinct contexts and the retention, use, or sharing of data derived from that activity outside the context in which it occurred. A context is a set of resources that are controlled by the same party or jointly controlled by a set of parties.
Sandstorm, as a company, does not engage in "tracking", in that we do not track users across multiple unrelated contexts or web sites without the user's explicit consent. This applies regardless of the presence of "Do Not Track" signals.
Most things can be edited through the Sandstorm interface, but if not, email [email protected].
Please note that even after we have changed or deleted your data from our systems, backup copies of your data may continue to exist on systems maintained by our infrastructure vendors (e.g., Google Cloud), over which we may not have control.
Sandstorm will not edit content owned by other users (which is most of the content on the platform).
If you cancel your service, all of your data (including grains) will be deleted (subject to "data deletion" in the Terms of Service and backups maintained by our infrastructure vendors as discussed above). However, if you merely stop paying for your service without requesting cancellation, then Sandstorm may, as a courtesy, continue to store your data so that you may access it again once you resume payments. Either you or Sandstorm may choose to end this courtesy storage at any time. You may cancel your service through the user interface or you can contact us at [email protected].
This policy is effective as of September 9, 2016.